Cyber Maturity Roadmap: know your threats and know how to act

Perhaps you are asking yourself the question: “how vulnerable is my business to cyber threats?” An important question for any company, particularly at a time when much of our work is being digitised and working in the cloud is becoming common. And indeed: how does my organisation deal with sometimes sensitive information, how vulnerable is it to cyber threats and is it adequately prepared for cyber attacks?

A concrete approach for your organisation?

Step 1. Measure cyber maturity

We will measure the cyber security maturity of your organisation. This will give you an insight into the current capacity of your organisation to protect itself against cyber attacks. We will then present recommendations for improvement in line with your strategy.

Step 2. Specify ambition

Together with important stakeholders, we will define your ambition based on the results of the maturity assessment plus your IT risks, your strategy and external developments. With the cyber in the boardroom session, we will involve your management board and establish transparency and support. We will then determine the extent to which you want to protect yourself against cyber attacks and which competencies are required, keeping a close eye on practical feasibility.

Step 3. Recalibrate your cyber security plan

Together with your team, we will write a security plan that provides a clear picture of how information security will function in your organisation within a timeframe of one to two years and how this will be achieved. The plan will include a roadmap enabling you to achieve the desired configuration and build up the required competencies.

An improvement plan that enjoys broad support

Yet another advisory report from external consultants on your desk. How do you make the results work for you in practice? We will draw up the roadmap in dialogue with your teams and the most important portfolio holders. We will bring positive drive and clarity, and set out a clear pathway within your organisation. By the time the roadmap is presented to your board, along with a programme plan, owners and an estimated budget, it will not come as a surprise to any of them. We will already have gone through it in detail with your teams and everyone will be behind the plan.

See how you score compared to the benchmark

Your business does not stand in isolation. It is very valuable to know how you are doing compared to other companies in the sector. KPMG's Cyber Maturity Roadmap looks at six essential domains: leadership, risk management, technology, legal, the human factor and business continuity. The results are benchmarked against comparable companies and presented in an easy-to-read dashboard. This provides in-depth insight into how mature the cyber security of your organisation is and shows you how you can make targeted investments in order to improve it.

At home in every market, including yours

The Cyber Maturity Roadmap performs analyses for every type of business and every type of industry. It draws on international information security standards, the experience of our specialists and best practices in the fields of risk management, IT security and regulations.

You can start small... or go large right away

The Cyber Maturity Roadmap has the flexibility to perform a measurement per business unit or across the entire organisation. However large or small we begin: we identify the gaps, highlight the most important security risks and establish an effective plan of action.

Cyber Maturity Assessment and Roadmap

Our practical method consists of the Cyber Maturity Assessment (CMA) and Roadmap (CMR) services. Together, they offer you a complete solution: from insight into your vulnerabilities to concrete actions.

Among other things, the assessment sheds light on the way in which the business handles sensitive data, its sensitivity to cyber threats and the quality of its preparations. The CMA is based on international information security standards, combined with our expertise and best practices.

The roadmap is divided into the same six domains as the assessment, such as governance, risk management and operations. For each domain, you will get an action plan with change objectives, including concrete actions and deliverables, an estimate of the lead time, out-of-pocket expenses and required resources.

Know more?

Bert Koelewijn

Senior manager, Cyber Governance and Risk
KPMG Nederland
